by blibble 1250 days ago
the point is to have a second factor

which isn't really destroyed by having a printout of what you entered onto your phone somewhere secure

(now if you store both in your password manager: that completely defeats the point)


It doesn’t.

The threat model is someone gets your password, not somebody gets access to your password manager.

If the latter is your threat model then yes, having your 2F in there is worse, but really the former is the more common thing to protect against, and the tradeoff of not having 2F in your 1Password and getting locked out because your phone breaks is worse than the risk of having it in there.

It’s similar to the tradeoff of having a nano YubiKey always in your laptop or a large one on your keys. For most people the nano is better (though you should have a second one in either case).

If you're using a password manager, you probably have one-time secure passwords, so the only probable way someone gets it is by stealing your password manager.

This isn't accurate - they don't get access to multiple things.

- Site0 leaks your password because they store it poorly.

- It's just one password, but it's still leaked.

- You have 2F in 1Password so even though it's picked up in an account list the attacker can't login.

- Weeks later you learn there was a breach.

This is the common case for most accounts and breaches. Though the sites most likely to leak are also ones unlikely to have 2F so it's not perfect.

So the attacker gets access to the plaintext passwords but not the rest of the database or the ability to skip the 2FA server-side, and the site doesn't notice. Guess I can see that happening still, since the password DB is likely separate.

Er, not one-time use passwords, I mean the password is only used on one website.